CSO

Reruns hit Jihad video circuit
Two thumbs down for Mujahid's Guide to Information Security - donations please...

Compliance, Privacy, IT and Security will need to determine the impact to their controls (or lack thereof) creating a punch list of countermeasures and finding out why the ones they have deployed are not working – and what the impact is to your regulatory, statutory and standards-based compliance programs;

Computer hacking, as well as other IT jobs, can be a structured, documented and repetable proccess to find security holes in company infraestruture.

David Kernell's trial has been pushed back six months as the judge considers motions in the case.

From Cyber Jihad to Human and Computer Viruses - It has been a busy week

A German man has reportedly been arrested after crawling several popular German social-networking sites for data and then allegedly trying to extort $120,000 from the sites' operators.

Napolitano is making a great leap of faith that we are at that point in the Cyber Security maturation cycle and this leap is much like Evel Knievel’s jump across the Snake River.

The amount of labor and effort to run this operational task has worn thin. No longer am I interested in dealing with tape for anything but keeping my bumper on the old car with duck tape. Other than that, tapes and cartridges need to go the way of the floppy disk. Time to take them out back and shoot them!

This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how myopic focus on complaince can be dangerous to the organization.

The recent outage and potential irretrievable data loss in Microsoft’s Sidekick services highlights one of the fundamental flaws in much of what today is known as cloud computing. That is, not only is there the possibility of one’s data being inaccessible due to a service outage, but there is the very real possibility that data may be lost forever because of a failure of the service provider to adequately backup its systems. Ordinarily, these types of risks are easily mitigated by the inclusion of strict protections in your contract with the service provider ensuring data will be available when needed and backed-up to protect against catastrophic failures.